Dark Overlord is the same nom de guerre employed by the individual or group that also launched the recent ransomware attacks against HBO and Netflix this year, demanding to be paid not to post stolen intellectual property on the Web before the media companies' scheduled broadcasts. Even after receiving a reported $50,000 payment, the hackers apparently went ahead in one instance and released an episode of Orange is the New Black before its official release.

Finding and encrypting backups on network file shares: Many backup products back up data to shared file systems. Many organizations also store these backups under the default directory name created by the backup product. The default names of these directories are readily accessible in the documentation published by backup providers. Cybercriminals have figured this out. As part of their attacks they find and encrypt data on production servers and probe corporate networks for these default backup directories so they can encrypt the backups as well.

Hacking application programming interfaces (APIs) of the backup software: Most enterprise backup software products expose an API. It is intended to make backup and recovery programmable, but it turns out cybercriminals have figured out how to use these APIs to disrupt or encrypt a backup.

Plant a ransomware time bomb: When ransomware encrypts data, it generally does so as soon as, or shortly after, it gets onto the corporate network. Now it's been observed that ransomware is being launched as a form of advanced persistent threat. The malware used to launch the attack will infect data, including all the backups, for months before encrypting all that data.

Because of these issues, testing of backup and recovery processes needs to become continuous. Daily backups of important intellectual property are now required. IT organizations will also need to make sure they are backing up pristine copies of data to multiple locations in case one copy of their data winds up being compromised. Naturally, that's a lot of additional work for all concerned. But the alternative now is not only being forced to pay a ransom, but also enduring increasingly vicious demands from what are now cyber terrorists. It's never advisable to negotiate with terrorists. That's tough advice to follow when critical data is involved. The real challenge is to implement the security measures necessary to prevent your organization from ever finding itself in that position in the first place.
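
One way to automate the continuous restore testing described above, as an added example rather than anything from a backup product: record a SHA-256 manifest when the backup is taken, then check each test restore against it and flag changed files whose contents look encrypted. The function names and the 7.5 bits-per-byte entropy threshold are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # assumed threshold in bits per byte; encrypted data approaches 8.0

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Map relative path -> SHA-256 at backup time; keep the result off the backup share."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p) for p in root.rglob("*") if p.is_file()}

def verify_restore(root, manifest):
    """Check a test restore against the manifest; return {relative path: finding}."""
    findings = {}
    for rel, digest in manifest.items():
        p = Path(root) / rel
        if not p.is_file():
            findings[rel] = "missing"
        elif sha256_file(p) != digest:
            with open(p, "rb") as f:
                sample = f.read(65536)
            findings[rel] = "looks-encrypted" if entropy(sample) > ENTROPY_LIMIT else "modified"
    return findings

def demo():
    """Constructed sample: three files; one overwritten with random bytes, one deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("plans.txt", "ledger.csv", "notes.txt"):
            (root / name).write_text("quarterly figures, constructed sample\n" * 200)
        manifest = build_manifest(root)
        (root / "plans.txt").write_bytes(os.urandom(8192))
        (root / "notes.txt").unlink()
        return verify_restore(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A manifest only proves the restore matches what was backed up, so data that was already tampered with before the backup ran will still verify; comparing manifests across several backup generations narrows down when a file changed.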

Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.